NETGEAR M4100 Series

As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series offers ideal, advanced features for a secure edge in commercial buildings and campus LAN environments.

Ease of Use

Fully functional Web console (GUI) for IT admins who prefer an easy to use graphical interface

TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration and authentication based on user domain in addition to user ID and password

NETGEAR Warranty

This product is backed by a NETGEAR ProSAFE® Limited Lifetime Hardware Warranty.

Lifetime Next Business Day Hardware Replacement.

ProSUPPORT 24x7 Advanced Technical Support via phone for 90 days (Remote diagnostics performed by our technical experts for prompt resolution of technical issues). ProSUPPORT coverage can be extended by purchasing one, three, or five year contracts.

At the edge of campus networks or in the server room, static routes are often preferred for simplicity (L3 fixed routes to the next hop towards the destination network are manually added to the routing table), without any impact on performance because L3 routing is wire-speed in M4100 series hardware

Ease of Deployment

For secure deployment in open areas, desktop versions come with a Wall Mount Kit with four brackets

M4100-D10-POE (FSM5210P)

M4100-D12G (GSM5212)

M4100-D12G-POE+ (GSM5212P)

As an option, a Rack Mount Kit is orderable (420-10043-01)

Select desktop versions also come with a set of strong magnets for mounting on any metal surface

M4100-D10-POE (FSM5210P)

M4100-D12G (GSM5212)

Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network

Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephone deployments, either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address, providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic and enabling correct egress queue configuration

Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations

An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation

When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments

Versatile Connectivity Including "PoE Passthrough"

IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-26G-POE)

Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin

100Mbps backward compatibility on all SFP ports

IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS

Tier 1 Availability

Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitioning of the ports to the Forwarding state and the suppression of Topology Change Notification

Private VLANs and local Proxy ARP help reduce broadcast with added security

Management VLAN ID is user selectable for best convenience

Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN "make static" for VLANs dynamically created by GVRP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once

System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD, often create network and performance issues

Comprehensive set of "system utilities" and "Clear" commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...

Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)

Enterprise Security

Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues

IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses, eliminating traffic from malicious users

Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops

Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing potential rogue root bridge issues, for instance when unauthorized or unexpected new equipment in the network accidentally becomes a root bridge for a given VLAN

Up to 48 clients (802.1x) per port are supported, including the authentication of the user domain, in order to facilitate convergent deployments: for instance, when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus data VLAN)

802.1x MAC Address Authentication Bypass (MAB) is a

A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose

MAB can be configured on a per-port basis on the switch

MAB initiates only after the dot1x authentication process times out, and only when clients don't respond to any of the EAPOL packets sent by the switch

When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server

The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses

The RADIUS server returns the access policy and VLAN assignment to the switch for each client
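The MAB sequence described above, modelled in Python to show when the fallback starts and what the switch gets back. This is an added example, not NETGEAR code; the MAC list, policy names, VLAN IDs and function names are all hypothetical.

```python
"""Model of the MAB fallback decision (constructed example, hypothetical names)."""
import re
from dataclasses import dataclass

# Constructed sample data: authorized client NIC MACs held on the RADIUS server,
# each mapped to an access policy and a VLAN assignment.
RADIUS_MAB_LIST = {
    "001122334455": ("printers", 30),
    "0011223344aa": ("ip-phones", 20),
}

def normalize_mac(mac: str) -> str:
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def radius_mab_lookup(mac: str):
    """RADIUS side: check the client MAC against the authorized list."""
    return RADIUS_MAB_LIST.get(normalize_mac(mac))

@dataclass
class Decision:
    method: str        # "dot1x", "mab" or "none"
    authorized: bool   # True only when MAB itself granted access
    policy: str = ""
    vlan: int = 0

def authenticate(mac, mab_enabled, eapol_responses, dot1x_timed_out):
    """Switch side: MAB starts only after dot1x times out with no EAPOL reply."""
    if eapol_responses > 0:
        # The client speaks 802.1X, so MAB never starts; the dot1x exchange
        # (not modelled here) decides the outcome.
        return Decision("dot1x", False)
    if not (dot1x_timed_out and mab_enabled):
        # Still waiting for the timeout, or MAB is not configured on this port.
        return Decision("none", False)
    entry = radius_mab_lookup(mac)  # switch sends the client MAC to RADIUS
    if entry is None:
        return Decision("mab", False)
    policy, vlan = entry            # RADIUS returns policy and VLAN assignment
    return Decision("mab", True, policy, vlan)
```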

Double VLANs (DVLAN - QinQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner

Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router; they remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing

Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured

TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password